Breaking

Home Top Ad

Post Top Ad

Jul 30, 2018

Chinese “hackers” are sending malware via snail mail

In what amounts to one of the simplest but most baffling forms of social
engineering, hackers from China have taken to sending CDs full of
malware to state officials, leading the Multi-State Information Sharing
and Analysis Center, a government security outfit, to release a warning
detailing the scam.

The trick is simple: a package arrives with a Chinese postmark
containing a rambling message and a small CD. The CD, in turn, contains a
set of Word files that include script-based malware. These scripts run
when the victims access them on their computers, presumably resulting in
compromised systems.

“The MS-ISAC said preliminary analysis of the CDs indicate they contain
Mandarin language Microsoft Word (.doc) files, some of which include
malicious Visual Basic scripts,” wrote security researcher Brian Krebs.
“So far, State Archives, State Historical Societies, and a State
Department of Cultural Affairs have all received letters addressed
specifically to them, the MS-ISAC says. It’s not clear if anyone at
these agencies was tricked into actually inserting the CD into a
government computer.”

While it should be obvious that you shouldn’t stick unrequested storage
media into your computer, clearly this scam seemed feasible enough for
someone to spend a little cash to make and ship these little CD-ROMs.
Now they just have to target victims who still use CD readers.